Security researcher Elad Erez has created a tool named Eternal Blues that system administrators can use to test if computers on their network are vulnerable to exploitation via NSA's ETERNALBLUE exploit.

Erez released his tool on Wednesday, a day after the NotPetya ransomware caused damages to thousands of computers across the globe.

Just like WannaCry did in last month's outbreak, NotPetya also used ETERNALBLUE as a means to spread from one computer to the next.

In hacking and cyber-security circles, ETERNALBLUE is considered one of the most potent exploits ever seen. A testament to its efficiency and ability to create virulent threats stand the two ransomware outbreaks that took place just two months after its release.

Eternal Blues was created for simple folks

Technically, an attacker could hack Windows computers with one SMB packet. This is also how Erez's tool works.

Eternal Blues will ping computers in a network range and detect if they are vulnerable to those specially crafted packets, but without exploiting the flaw to run any code on the scanned computers.

When users launch Eternal Blues, the tool allows users to scan their local LAN, but Erez says the tool can be used to scan any network range on the Internet, not just local networks.

The researcher admits that his tool is nowhere near as advanced as NMap, Metasploit, or others, but he says he intentionally created a simpler tool because he wanted a one-click solution to detect computers vulnerable to ETERNALBLUE that less technical users can utilize, and not just infosec professionals.

The target audience for Eternal Blues is ordinary sysadmins who have seen WannaCry and NotPetya ransomware wreak havoc in other companies and want to see if their networks are vulnerable, in order to install the necessary updates.

Tool collects anonymized usage data

Just be aware that the tool also uses Google Analytics to collect anonymized usage data. Collected information includes the number of scanned computers and the number of vulnerable computers found per scan. Erez says the tool doesn't collect hostname information, IP addresses, or any other personal data.

Speaking to Bleeping Computer, Erez said he'll share some of these usage statistics in the future. "As for now, more than 350 scans were taken from 50 countries in less than 24 hours," the researcher wrote in an email.

Erez, who works as Director of Innovation at Imperva, created this tool as a personal project. Users can report bugs or download Eternal Blues via the researcher's personal blog.

Update July 12, 2017: As promised, Erez published a blog post with statistics gathered from Eternal Blues usage in the past two weeks.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

Comments

Well that was weird, it says a computer i hadn't used in over a year but recently fired back up and installed 32 bit win 10 creators update was vulnerable. I tried running esets vulnerability tester on it and it said it didn't recognize my version of sys.srv (6.2.15063.296). I went ahead and disabled SMBv1 on it to be safe but kinda wonder what is going on with that computer now.

I just ran it again after turning on another desktop I didn't scan earlier. It is fully updated with win 10 x64 creators update and this program said it was vulnerable. The ESET program said that computer was patched and not vulnerable. I think this scanner needs some tweaking.